A collection of utilities for Cobalt Strike's Beacon Object Files to make our life easier.
| Name | Description | Usage |
|---|---|---|
send_shellcode_via_pipe |
A BOF that allows the operator to send a shellcode or any byte content via a named pipe. | send_shellcode_via_pipe <pipe> <file> |
cat |
As the name implies, finally allows you to get the content of a text file from Cobalt Strike. Supports remote shares. | cat <file> |
wts_enum_remote_processes |
Enumerate remote processes using WTS APIs, also useful to check if you have access to a system | wts_enum_remote_processes <host> |
unhook |
A BOF that uses direct syscalls to remove the hooks from a user-specified module. Compatible only with 64 bit beacons. | unhook <module>, unhook ntdll.dll |
NOTE: Side effects could include: nose bleed, unrecoverable and immediate death of your beacons.
A particular thanks to @ajpc500 for inspiration and from which I might or might not borrowed some code.